At 15:39 +0300 15.7.1999, Anthony Baxter wrote:
As far as I can tell, both Navigator and IE are refusing to send the cookie set from the http site to the https site. Presumably this is some poor idea of security.
Well, the 'net security solutions related to https generally seem to involve totally disabling any and all data exchange possible. :( Some versions of browsers go totally haywire if you have an HTML page served from an https site that links to an image on an http site... The behaviour of browsers in relation to https varies wildly with the version of the browser and seems to generally become stricter as time passes. Most probably this is due to the fact people are very good at finding exploits..
Has anyone else seen this, and, more importantly, has anyone else found a workaround?
The only workaround we've figured out is to link from site to site with GET URL's that point to scripts and then set the cookie separately. That's sure to work with all browsers - I wouldn't trust setting a cookie "secure" as suggested here earlier with the amount of different cookie implementations out there but then you're free to try. :) Jussi --- Jussi Haro Chief Technical Designer Grey Interactive Helsinki - http://www.greyinteractive.fi/ Tel. +358 9 6957 467 Fax. +358 9 6957 660